ICT auditor manager

Description

ICT auditor managers monitor ICT auditors responsible for auditing information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security. They evaluate ICT infrastructure in terms of risk to the organisation and establish controls to mitigate loss. They determine and recommend improvements in the current risk management controls and in the implementation of system changes or upgrades.

Other titles

The following job titles also refer to ICT auditor manager:

IT audit manager
ICT auditor managers
ICT audit manager
information technology audit manager

Minimum qualifications

A bachelor’s degree is generally required to work as an ICT auditor manager. However, this requirement may differ in some countries.

ISCO skill level

ISCO skill level is defined as a function of the complexity and range of tasks and duties to be performed in an occupation. It is measured on a scale from 1 to 4, with 1 the lowest level and 4 the highest, by considering:

  • the nature of the work performed in an occupation in relation to the characteristic tasks and duties
  • the level of formal education required for competent performance of the tasks and duties involved and
  • the amount of informal on-the-job training and/or previous experience in a related occupation required for competent performance of these tasks and duties.

ICT auditor manager is a Skill level 4 occupation.

ICT auditor manager career path

Similar occupations

These occupations, although different, require much of the same knowledge and skills as ICT auditor manager.

IT auditor
ICT security manager
ICT resilience manager
ICT security administrator
chief ICT security officer

Long term prospects

These occupations require some of the skills and knowledge of ICT auditor manager. They also require other skills and knowledge, but at a higher ISCO skill level, meaning these occupations are accessible from a position of ICT auditor manager with significant experience and/or extensive training.

Essential knowledge and skills

Essential knowledge

This knowledge should be acquired through learning to fulfil the role of ICT auditor manager.

Audit techniques: The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.
Cyber security: The methods that protect ICT systems, networks, computers, devices, services, digital information and people against illegal or unauthorised use.
Quality standards: The national and international requirements, specifications and guidelines to ensure that products, services and processes are of good quality and fit for purpose.
ICT project management: The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating to technological innovation in the field of ICT.
Control objectives for information and related technology: The risk and controls framework such as Control Objectives for Information and Related Technology (COBIT), which supports decision makers to resolve the gap between business risks, requirements and technical issues.

Essential skills and competences

These skills are necessary for the role of ICT auditor manager.

Manage IT security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
Ensure compliance with legal requirements: Guarantee compliance with established and applicable standards and legal requirements such as specifications, policies, standards or law for the goal that organisations aspire to achieve in their efforts.
Prepare financial auditing reports: Compile information on audit findings of financial statements and financial management in order to prepare reports, point out improvement possibilities, and confirm governability.
Perform contract compliance audits: Execute a thorough contract compliance audit, ensuring that goods or services are being delivered in a correct and timely fashion, checking for clerical errors or missed credits and discounts and starting procedures for cash recovery.
Implement ICT risk management: Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company’s risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.
Develop ICT workflow: Create repeatable patterns of ICT activity within an organisation which enhance the systematic transformations of products, informational processes and services through their production.
Monitor technology trends: Survey and investigate recent trends and developments in technology. Observe and anticipate their evolution, according to current or future market and business conditions.
Execute ICT audits: Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.
Ensure adherence to organisational ICT standards: Guarantee that the state of events is in accordance with the ICT rules and procedures described by an organisation for their products, services and solutions.
Identify legal requirements: Conduct research for applicable legal and normative procedures and standards, analyse and derive legal requirements that apply to the organisation, its policies and products.
Build business relationships: Establish a positive, long-term relationship between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.
Develop audit plan: Define all organisational tasks (time, place and order) and develop a checklist concerning the topics to be audited.
Manage standard enterprise resource planning system: Collect, manage and interpret data relevant for companies related to shipping, payment, inventory, resources and manufacturing using specific business management software, such as Microsoft Dynamics, SAP ERP or Oracle ERP.

Optional knowledge and skills

Optional knowledge

This knowledge is sometimes, but not always, required for the role of ICT auditor manager. However, mastering this knowledge allows you to have more opportunities for career development.

Information structure: The type of infrastructure which defines the format of data: semi-structured, unstructured and structured.
Systems development life-cycle: The sequence of steps, such as planning, creating, testing and deploying and the models for the development and life-cycle management of a system.
ICT quality policy: The quality policy of the organisation and its objectives, the acceptable level of quality and the techniques to measure it, its legal aspects and the duties of specific departments to ensure quality.
JavaScript: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in JavaScript.
ICT security standards: The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.
PHP: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in PHP.
Web programming: The programming paradigm that is based on combining markup (which adds context and structure to text) and other web programming code, such as AJAX, JavaScript and PHP, in order to carry out appropriate actions and visualise the content.
ICT security legislation: The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.
Organisational resilience: The strategies, methods and techniques that increase the organisation’s capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.
Information confidentiality: The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.
Legal requirements of ICT products: The international regulations related to the development and use of ICT products.
AJAX: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in AJAX.
Cloud technologies: The technologies which enable access to hardware, software, data and services through remote servers and software networks irrespective of their location and architecture.
ICT process quality models: The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in many ICT areas.

Optional skills and competences

These skills and competences are sometimes, but not always, required for the role of ICT auditor manager. However, mastering these skills and competences allows you to have more opportunities for career development.

Provide technical documentation: Prepare documentation for existing and upcoming products or services, describing their functionality and composition in such a way that it is understandable for a wide audience without technical background and compliant with defined requirements and standards. Keep documentation up to date.
Use markup languages: Utilise computer languages that are syntactically distinguishable from the text to add annotations to a document, specify layout and process types of documents such as HTML.
Coach employees: Maintain and improve employees’ performance by coaching individuals or groups how to optimise specific methods, skills or abilities, using adapted coaching styles and methods. Tutor newly recruited employees and assist them in the learning of new business systems.
Manage changes in ICT system: Plan, realise and monitor system changes and upgrades. Maintain earlier system versions. Revert, if necessary, to a safe older system version.
Develop information security strategy: Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.
Ensure information privacy: Design and implement business processes and technical solutions to guarantee data and information confidentiality in compliance with legal requirements, also considering public expectations and political issues of privacy.
Develop ICT test suite: Create a series of test cases to check software behaviour versus specifications. These test cases are then to be used during subsequent testing.
Train employees: Lead and guide employees through a process in which they are taught the necessary skills for the prospective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.
Implement corporate governance: Apply a set of principles and mechanisms by which an organisation is managed and directed, set procedures of information, control flow and decision making, distribute rights and responsibilities among departments and individuals, set corporate objectives and monitor and evaluate actions and results.

ISCO group and title

2519 – Software and applications developers and analysts not elsewhere classified

References
  1. ICT auditor manager – ESCO
Last updated on August 8, 2022